Ease of usage of cloud computing leads to an exponential growth in all sectors. Exponential growth always attracts duplicates to consume and deplete resources. Cloud is not exempted from invaders and overwhelming the resource utilisation thereby availability become a threat. Availability issue arises due to multiple requests towards the same victim, a DDoS attack. Hence, the major concern in the cloud is to rightly identify legitimates, and providing the required services all time go by avoiding DDoS attacks. Multiple techniques are available to identify and authenticate the users. This paper not only just tries to authenticate the users but also works on eliminating the invaders in two fold. In the first phase, the user ID is scrambled in four different steps. In the second phase, the users are authenticated depending on the credits. Based on the traffic flow (in the case of network level attack) and on the interval between consequent service requests (in the case of service level attack), users are authenticated upon which services are provisioned accordingly. The simulation results presented here exhibits the strength of the proposed method in detection and prevention of DDoS attack in cloud computing environment. © 2020 Inderscience Enterprises Ltd.